Encryption At Rest — Google Cloud Professional Cloud Architect Practice Questions
Encryption at rest ensures that data stored on GCP infrastructure is encrypted before being written to disk, preventing exposure if physical media is removed or accessed outside the service boundary. GCP encrypts all customer data at rest by default using AES-256, and the exam tests the three key management tiers: Google-managed keys, Customer-Managed Encryption Keys (CMEK) via Cloud KMS, and Customer-Supplied Encryption Keys (CSEK). Architects must know when regulatory requirements mandate CMEK or CSEK, how key rotation works, and the availability and performance trade-offs of each approach.
Free questions on encryption at rest
Your company requires encryption of data both in transit and at rest. Which combination of GCP features provides this?
Free question · medium · full answer + explanation
More encryption at rest questions in the full bank
- You need to store sensitive data at rest with automatic encryption. Which is the best approach? Unlock answer & explanation →
- How should data sensitivity affect your encryption strategy? Unlock answer & explanation →